Issues Fixed in this Release

Citrix Password Manager™ 4.5

Product: Citrix Password Manager
Current Product Version: 4.5
Previous Product: Password Manager
Previous Product Version: 4.1
Language: English (EN)
Fixed Issues List: 1.0

The following issues have been fixed since the previous release of this product. For information about new features and system requirements, see the product administration guides.

Password Manager Agent

1. Console applications such as cmd.exe are not handled by Password Manager. These console applications are owned by the Win32 subsystem and are not directly hookable. Therefore, ssohok.dll cannot catch window creation events on such applications.

   From PM_Agent_4_1_87_1]{#115569]

2. The host emulator screen detection sometimes fails.

   [From PM_Agent_4_1_87_1]{#115656]

3. For network logon dialogs that do not show unique Server Name fields, Password Manager was not able to distinguish the difference between different network logon dialogs connecting to different servers. This occurs because Password Manager required the Server Name field to be unique for different server connections. Additionally, the credential matching code contained a logic error that prevented it from distinguishing between undefined applications (by the administrator) and unconfigured applications (by the user).

   [From PM_Agent_4_1_87_1]{#116067]

4. If a user has incorrect credentials stored in Password Manager for a mainframe application, an error loop dialog box appears after Password Manager detects failure when trying to log on to the application. If the user clicks Cancel in the error loop dialog box and then manually attempts to enter credentials into the mainframe application, Password Manager detects changes to the mainframe application's screen and attempts to send the incorrect credentials again.

   [From PM_Agent_4_1_87_1]{#120836]

5. When Password Manager attempts to detect the fields on a Web page, the CPU on the client device spikes for 30 to 60 seconds. The client device is unresponsive during this time. The Web page, generated by a third party application, has 130 forms with input fields in them. This makes ssobho.exe query all of them and spike the CPU.
   

   For this fix to work, do the following:

   1. Shut down the agent.
   2. Open the Password Manager Console.
   3. Edit the user configuration settings to Detect client-side application definitions and allow Password Manager to detect All applications or Only applications that are defined by users in Logon Manager. (Note that all applications is the default for this setting.)

   [From PM_Agent_4_1_87_1]{#126054]

6. Logon Chooser does not process accelerator keys when a Web application with multiple credentials is detected. Windows messages for Logon Chooser dialog are not routed correctly.

[From PM_Agent_4_1_87_1]{#127074]

7. CPU usage sometimes spikes dramatically when the agent processes a Web page with many DIV elements. This occurs when the agent attempts to parse every element on the Web page to determine whether or not the Web page is a logon page.

[From PM_Agent_4_1_87_1]{#128020]

8. The agent experiences a fatal error when Windows certification tests are running.

[From PM_Agent_4_1_87_1]{#128909]

9. When using the agent with Windows NT 4.0 Workstation, the Logon Manager displays incorrect application names that include non-ASCII characters on the defined application list. This occurs when the Password Manager central store is located in Active Directory.

[From PM_Agent_4_1_87_1]{#129048]

10. Even though Java support is disabled when creating the agent installation image, Password Manager support for Java applications is still present after installation. Binaries are installed in the relevant JRE paths and the Program Files\Common Files\Citrix\MetaFrame Password Manager\JavaSupport folders.

[From PM_Agent_4_1_87_1]{#129198]

11. When using a smart card in an ICA session on a computer running Presentation Server, disconnecting and reconnecting to the ICA session generates the following error message:

    "The smart card is missing. Please insert the same smart card used during Windows logon."

    If you remove and insert the same smart card, the error message appears again, up to three times. After the third time, a different error message appears:

    "Too many smart card insertion attempts. For security reasons, Citrix Password Manager must now shut down."

This fix adds more resilient implementation of the agent's ability to monitor smart card usage for ICA connections.

Known Limitation: If multiple smart card readers are connected to the client device, Password Manager may not be able to determine the correct smart card reader.

[From PM_Agent_4_1_87_1]{#129950]

12. When the agent is configured to use Smart Card Data Protect but the user does not insert the smart card used for previous Windows authentication, the agent is supposed to shut down. Instead, the agent tries to perform key recovery (either automatic or question-based) prior to shutdown.

    [From PM_Agent_4_1_87_1]{#129952]

13. With this fix, users employing the Discussion feature for Microsoft Office in conjunction with Internet Explorer are not prompted multiple times to change their password.

    [From PM_Agent_4_1_87_1][#130865]

14. When this fix is applied, Active Directory user names that contain commas are recognized by Password Manager.

    [From PM_Agent_4_1_87_1][#131182]

15. When this fix is applied, multiple sessions for IBM Host On Demand 9.0 are supported by Password Manager.

    [From PM_Agent_4_1_87_1][#131596]

16. This fix ensures that the special character requirements set in password policies are correctly applied by Password Manager.

    [From PM_Agent_4_1_87_1][#132314]

17. This fix allows user data to be deleted when users log off from a client device if the Delete user's data folder and registry keys when the agent is shut down option is selected.

    [From PM_Agent_4_1_87_1][#133017]

18. This fix introduces a usability enhancement that allows users to click Cancel to stop automatic credential submission by Password Manager and manually submit credentials after incorrect credentials are passed to host/mainframe applications multiple times.
    

    [From PM_Agent_4_1_100_0][#134011]

19. This is a feature enhancement to support the use of the window styles WS_CLIPCHILDREN and WS_CLIPSIBILINGS.

    [From PM_Agent_4_1_200_1][#133843]

20. This fix allows users to change both their user name and password simultaneously using Logon Manager.

    [From PM_Agent_4_1_200_1][#133914]

21. Custom agent software packages may not connect to the Data Integrity Service if a port other than 443 is used for communication.

    [From PM_Agent_4_1_200_1][#138232]

22. When using SendKeys, the agent may fail to submit credentials to multiple document interface and similar applications, such as Meditech.

    [From PM_Agent_4_1_200_1][# 138721]

23. After upgrading the Password Manager Agent on a Windows client device that has the Cisco Aironet Client Utility installed, the client device may display a blue screen upon restart.

    [From PM_Agent_4_1_200_1][#139520]

24. When the Change Password wizard is complete, the password changed event is not logged in the Event viewer if the event log is enabled.

    [From PMAgent_4_1_300_1][#137174]

25. Password Manager does not support Web applications that are launched in the 64-bit version of Internet Explorer.

    [From PMAgent_4_1_300_1][#140100]

26. If an NTFS file share is used for Password Manager synchronization, and if the NETBIOS domain name contains a period, such as "citrix.local," the Password Manager Agent fails to synchronize during startup. The following error message appears: "Citrix password manager agent is unable to retrieve the license server location. Check to see if the agent can connect to synchronization agent. Agent is disabled."

    [From PMAgent_4_1_300_1][#141429]

27. When the setting Make this application a password sharing group is selected in Application Group, an invalid password (that is not qualified according to the assigned password policy) is accepted by Password Manager.

    [From PMAgent_4_1_300_1][#141501]

28. The setting for HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Shell\TimeOutForDependantModules does not work when connecting ICA sessions with domain users who do not have full access permission to the registry key. This fix modifies the access permissions requirement from full access to read access.

    [From PMAgent_4_1_300_1][#142777]

29. Missing support for fonts results in garbled balloon messages in Japanese.

    [From PMAgent_4_1_300_1][#142860]

30. Password Manager might not detect credential fields on a Web page if the fields are not enclosed using the form HTML tag. Password Manager might not detect buttons on a Web page when using the button HTML tag.

    [From PMAgent_4_1_300_1][#144382]

31. The user must click Cancel twice to finish the Change Password wizard.

    [From PMAgent_4_1_300_1][#145898]

32. When accessing or refreshing certain Web sites in Internet Explorer, the following error message may appear: "Internet Explorer cannot open the Internet site <xyz>. Operation Aborted." This error message does not appear when the agent is turned off.

    [#146430]

33. If an application is part of a password sharing group, the agent does not enforce password policy rules to new passwords if users provide the passwords manually through the Password Change wizard.

    [#146474]

Password Manager Console and Service

1. This fix adds support for a new WinHLLAPI initialization requirement. Password Manager does not work with WinHLLAPI-compliant host emulators that require reinitializing of the HLLAPI dll at the time the host application launches. This occurs because Password Manager initializes HLLAPI dlls when the agent starts up, not when the host application is launched.

   To enable WinHLLAPI reinitialization when the host application is launched:

   1. Define the host application as a Windows application. Use the emulator window to do this; the window does not have to be connected to a host application. In addition, define a logon form (either through control IDs or SendKeys).
   2. Export the Windows application definition to an .xml file and manually add <NotifySSOMHO>1< /NotifySSOMHO> to the application definition as the last entry in the [Options] section within the WinForms section.
   3. Import the modified Windows application definition into the console. The modified application definition allows the agent to detect the emulator application when it is invoked by notifying SSOMHO to initialize WinHLLAPI.
   4. Define the host application as usual.
   5. Deploy both the Windows definition and the host definition to the sync point.
   6. On the agent, in the mfrmlist.ini file located in the agent's Programs Files directory, add "LoadWinHllapi=1" to the HLLAPI definition. This setting instructs SSOMHO to look for and initialize WinHLLAPI rather than the default HLLAPI.
   7. Restart the agent.

   [From PM410W001][#110030]

2. When validating licenses using the console, the following error message may appear:

   "An exception of unknown type has occurred during the configuration validation."

   However, the agent can continue to work with these licenses.This occurs when multiple license files or a license file with multiple feature lines are in use.

   [From PM400W001][#122466]

3. After updating the .NET Framework to Version 2.0 (for example, through Windows automatic updates), the Password Manager 4.0 Console loads in Version 2.0 of the .NET Framework, and any user configurations performed in the 2.0 environment cause other components that load in Version 1.1 to fail. The issue is caused by an object incompatibility between the two versions of the .NET Framework. Even after upgrading to Password Manager 4.1, this data remains unreadable by components loaded in .NET 1.1, causing those components to fail.

   With this fix, configurations previously unreadable due to Version 2.0 conflicts are readable again.

   [From PM410W001][#124742]

4. If an application's definition name is the same as the application's group name, the Password Manager Console becomes unresponsive, displaying the following error message:

   "The user configuration data contained errors. Please refer to your Windows Event Log for application information regarding the errors found."

   [From PM400W001][#126185]

5. When attempting to change their password using the Self-Service Password Reset feature, users receive a generic error message stating that they cannot use the feature if they are attempting to change their password to one that does not comply with their domain password policy in terms of password length or complexity.

   This fix introduces an API that provides more specific and meaningful information.

   [From PM410W001][#127016]

6. When using the Citrix provisioning API addRequest without passing in a credential name, the API returns an error message. The Citrix API documentation does not reflect this behavior.

   This fix removes the credential name requirement from the API.

   [From PM410W001][#128352]

7. When using the Citrix provisioning API lookUpRequest, the API returns information for all the credentials a user has rather than for only the particular user credential specified in the request for this API. The Citrix API documentation does not reflect this behavior.

   This fix corrects the lookupRequest API implementation to return only the specific information for the requested user credentials.

   [From PM410W001][#128353]

8. If you run the console, the Application Definition Tool, or the Service Configuration Tool in an Active Directory domain environment, Password Manager may treat the environment as a Windows NT environment. The issue occurs if upon running Configure and Run Discovery for the first time, Password Manager fails to enumerate Active Directory domain controllers.

   With this fix, Password Manager properly recognizes Active Directory domain environments. Also, the fix lets you correct situations where Password Manager is already treating Active Directory domain environments as Windows NT domain environments.

   To do this:

   1. Locate and delete the original console file, ascmmc.msc.
   2. Open the Microsoft Management Console and manually add the Access Suite Console snap-in to it.
   3. Run ServiceConfigurationTool.exe.

   [From PM410W001][#128762]

9. Launching the Service Configuration Tool on a computer running in a Windows NT domain environment is now supported.

   [From PM41SP1][#129291]

10. An optional [Delete] keystroke was added for application definitions that use SendKeys.

    [From PM41SP1][#129996]

11. Credential Provisioning is now supported for servers running in Windows NT domains.

    [From PM41SP1][#132828]

12. Passwords that do not meet the length and complexity requirements set by the administrator prompt the following message to appear: "The password does not meet the password policy requirements. Check the minimum length and password complexity requirements."

    [From PM41SP1][#133565]

13. The console now displays the properties information for all available central stores.

    [From PM41SP1][#134344]

14. Some SendKeys settings and allowed window classes may not export or import correctly.

    [From PM411W001][#129863]

15. Password Manager may prompt users to log on or change their passwords when a similar but unrelated application screen is invoked. The issue occurs when Password Manager mistakes Logon or Change Password dialog boxes of applications for windows instead of controls. This happens when the dialog boxes are implemented in non-standard ways. This fix resolves the issue by adding support for use of Control IDs with SendKeys to better identify application windows.

    [From PM411W001][#135536]

16. With this fix, invalid minimum character and maximum repeatable character requirement combinations can be defined in a password policy.

    [From PM411W001][#136883]

17. Auto submit behavior for one application within an application group may be inherited by other applications within the group that are not defined to submit credentials automatically.

    [From PM411W001][#137509]

18. Credential Provisioning fails for user names with a period used as a separator within the user name.

    [From PM411W001][#142333]

19. The setting for HKEY_LOCAL_MACHINE\Software\Citrix\MetaFrame Password Manager\Shell\TimeOutForDependantModules does not work when connecting ICA sessions with domain users who do not have full access permission to the registry key. This fix modifies the access permissions requirement from full access to read access.

    [From PM411W002][#142777]

20. Password Manager might not detect credential fields on a Web page if the fields are not enclosed using the form HTML tag. Password Manager might not detect buttons on a Web page when using the button HTML tag.

    [From PM411W002][#144382]

21. If a backslash (\) or a quote symbol (") is specified as an excluded character in the exclusion rule of a password policy, the exclusion characters list is corrupted each time the policy is edited in the Password Manager Console after the Password Manager Agent synchronizes with the synchronization point.

    [From PM411W002][#146616]

Copyright © 2006 Citrix Systems, Inc. All rights reserved.
Citrix, MetaFrame, and MetaFrame XP are registered trademarks, and Citrix Presentation Server is a trademark of Citrix Systems, Inc. in the United States and other countries.
All other trademarks and registered trademarks are the property of their respective owners